Privacy & Cybersecurity: Updates and Analysis
Tracking Global Legal Developments in the Quickly Evolving World of Privacy & Cybersecurity

Locke Lord’s Privacy & Cybersecurity Group provides topical, practical snapshots of recent developments in the fast-changing world of privacy, data protection and cyber risk management. Below are recent articles and blog posts covering key topics and geographies.

State Privacy Laws Comparison Chart (Download)


California/CCPA/CPRA | Colorado | Connecticut | Delaware | Florida | Illinois | Indiana | Iowa | Montana | New York/NY DFS | Nevada | Oregon | Tennessee | Texas | Utah | Virginia | Washington State | NAIC Model Law/Uniform Laws/Federal | UK/EU/GDPR | Health Care | Litigation


 

California/CCPA/CPRA

Data Minimization Under the CCPA, August 2024

California’s Draft Proposed Regulations on Cybersecurity Audits, April 2024

CCPA Disclosure Requirements Emphasized by California AG’s Settlement With DoorDash, April 2024

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

The CPRA: A Missed Deadline Gives Companies a Break, July 2023

California Privacy Enforcement Will Heat up This Summer as the Agency Takes Control, June 2023

The CCPA’s 12-Month Look Back Period May Extend Beyond That, June 2023

Waiting on Guidance From the CPPA. What to Do in the Meantime?, June 2023

Lessons From the GDPR on the Sunset of the CCPA’s Personnel and B2B Exemptions, June 2023

State Privacy Update – Iowa, California, and the NAIC, April 2023

CCPA Enforcement: The Sephora Settlement Is Just the Start, December 2022

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Why Warranty Providers May Explore CCPA Exemption, November 16, 2022

California Privacy Fall Update: Proposed Regulations and Fading Exemptions, September 2022

California’s Looming Privacy Deadline for Personnel and B2B Data, September 2022

Are You Ready for the BIPA Tsunami? The New Wave of Biometric Statutes, July 2022 

Evolving Privacy Requirements in the U.S.: What to Do for 2022?, January 2022

CCPA Quick Update: Certain Companies Must Report Consumer Request Metrics by July 1, 2021, Summer 2021

A Big Win for Walmart Helps Further Define the Scope of Data Breach Class Actions: Gardiner v. Walmart, Inc., March 2021

Ready or Not, Here it Comes: Litigation and Enforcement Issues Under The California Privacy Rights Act, February 2021

What’s in Store for Future CCPA Settlements After the Hanna Andersson Class Action, December 2020

The Murky Waters of the CCPA’s Private Right of Action: Real and Perceived Ambiguities Complicating Litigation, November 2020

CCPA Update: Final Proposed Regulations, Summer 2020

Deletion Completion Under the CCPA, May 2020

The Effective Date of the California Consumer Privacy Act of 2018 Has Come and Gone: What To Do Now?, April 2020

CCPA Proposed Regulations Are Out!, November 2019

Deletion Completion Under the CCPA, November 2019

Looking Ahead to the CCPA’s “Look Back” Requirement, November 2019

CCPA Amendments Are In! Draft CCPA Regulations are Out!, October 2019

California Legislature Amends CCPA and Creates Data Broker Registry, September 2019

CCPA Guide: Does Personal Information Include Employee and Employee Benefit Plan Data?, September 2019

CCPA Guide: Are You Covered by the CCPA?, August 2019

CCPA Guide: We Are Covered, So Now What Do We Do? Create a Project Plan!, August 2019

Verifying the Verifiable – Considering a “Verifiable Consumer Request” Under the CCPA, August 2019

Looking Ahead to the CCPA’s “Look Back” Requirement, August 2019 

CCPA Guide: Does Personal Information Include Employee and Employee Benefit Plan Data?, April 2019

CCPA Guide: We Are Covered, So Now What Do We Do? Create a Project Plan!, March 2019

CCPA Proliferation: Connecticut and other states propose to follow California’s lead on Consumer Privacy, March 2019

CCPA Guide: Are You Covered by the CCPA?, January 2019

California Consumer Privacy Act: A Priority for 2019, January 2019

California Amends Consumer Data Privacy Act, but Leaves Material Provisions Unchanged and Questions Unanswered, September 2018

Dropping another Stone in the Pond? California’s New Consumer Privacy Act, July 2018



 

Colorado

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Evolving Privacy Requirements in the U.S.: What to Do for 2022?, January 2022

CCPA Proliferation: Connecticut and other states propose to follow California’s lead on Consumer Privacy, March 2019



 

Connecticut

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Big Data for Insurers: Clarity About the New Connecticut Requirements, July 2022



 

Delaware

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023



 

Florida

New Restrictions on Storage of Electronic Healthcare Records in Florida, August 2023



 

Illinois

New Illinois GIPA Class Actions Against Life Insurers Bark up the Wrong Family Tree, November 2023

BIPA’s Back in the News: Illinois Supreme Court Gives Unionized Employers Respite From Costly Privacy Law Claims, May 2023

The Illinois Supreme Court Goes to White Castle…, April 2023

BIPA and Insurance Coverage II – Are You Ready for Some Case Law?, December 2022

BIPA’s Scope Shaped by Courts With No Legislative Relief in Sight, July 2022

BIPA and Insurance Coverage – Play Ball!, July 2022

Are You Ready for the BIPA Tsunami? The New Wave of Biometric Statutes, July 2022

Beyond Borders: COVID-19 Highlights the Potential Widespread Impact of the Illinois Biometric Information Privacy Act (“BIPA”), May 2020



 

Indiana

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023



 

Iowa

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

State Privacy Update – Iowa, California, and the NAIC, April 2023



 

Montana

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023



 

New York/NY DFS

New Amendments to NY DFS Cybersecurity Regulation: Big Changes for Big Companies, and Other Implications, December 2023

New York DFS Cybersecurity Regulation Update: Amendments Proposed November 2022, December 2022

New York Department of Financial Services Looks to Raise the Floor – Again – on Cybersecurity Regulation, September 2022

Are You Ready for the BIPA Tsunami? The New Wave of Biometric Statutes, July 2022

NY DFS Releases Guidance on Multi-Factor Authentication, December 2021

FTC Proposes Amendments to Safeguards Rule to Track NY DFS Cybersecurity Regulation (and amendments to its Privacy Rule), March 2019

NY DFS Cybersecurity Compliance Certificate Required Today; Additional Requirements Looming, February 2018

Cybersecurity Reminder and Heads Up from NY DFS: File Cybersecurity Reg Compliance Certificates, and Prepare for Cybersecurity Questions in Exams, January 2018

New York DFS Cybersecurity Regulation Update: Lots Left to Do, December 2017

NY DFS Cybersecurity Exemption Filings due October 30, October 2017

New York’s Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To-Do List, (originally appeared in Intellectual Property & Technology Law Journal), May 2017 



 

Nevada

No sale! Nevada consumers may opt out of personal data sales, June 2019



 

Oregon

Texas and Oregon Data Privacy Laws: Applicability Concerns and Enforcement, August 2024

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023



 

Tennessee

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023



 

Texas

Texas and Oregon Data Privacy Laws: Applicability Concerns and Enforcement, August 2024

Texas Joins the State Privacy Law Landscape on July 1, 2024: The Texas Data Privacy and Security Act, April 2024

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

Texas Data Privacy and Security Act, May 2023

Privacy Law Update: Texas to Study Entering the Fray, June 2019



 

Utah

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022



 

Virginia

U.S. State Privacy Laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, December 2023

U.S. State Privacy Laws in 2023: California, Colorado, Connecticut, Utah and Virginia, December 2022

Evolving Privacy Requirements in the U.S.: What to Do for 2022?, January 2022

Privacy Laws Begin to Ripple Across the States Following the California Consumer Privacy Act, Winter 2021



 

Washington State

Washington State My Health, My Data Act, May 2023



 

NAIC Model Law/Uniform Laws/Federal

NAIC’S Work on Privacy Model Grinds On, August 2023

NAIC Picking Up Steam As It Drafts New Privacy Model, June 2023

State Privacy Update – Iowa, California, and the NAIC, April 2023

NAIC Privacy Protections Working Group Moves Forward to Revise Consumer Privacy Protections Model Act, March 2023

CFPB’s Data Access Rulemaking Process: A Heads-Up to Covered Data Providers, December 2022

NAIC Insurance Data Security Model Law Update: Vermont Becomes 21st State, June 2022

Uniform State Privacy Law Moves Forward With New Approach, Winter 2021



 

UK/EU/GDPR

U.K. Information Commissioner Issues New Guidance on the Use of Biometrics in the Workplace, April 2024

New Mechanism for Cross-Border Data Transfer: The EU-U.S. Data Privacy Framework, December 2023

U.S.-U.K. Data Transfer Developments, December 2023

UK Online Safety Bill, April 2023

The NIS2 Directive: Towards a Firmer EU-wide Cybersecurity Framework, April 2023

European Data Protection Board Releases Guidelines on the Territorial Scope of the GDPR, November 2018

GDPR – The Great Data Protection Revolution Has Arrived, May 2018

GDPR – 100 Days to the Great Data Protection Revolution, February 2018

Are We Covered by the EU GDPR? A Warning for U.S.-Only Businesses, December 2017



 

Health Care

HIPAA Data Management Requirements for Electronic Protected Health Information, August 2024

HHS Strengthens Privacy Protections for Substance Use Disorder Treatments in Amendments to Part 2 Regulations, April 2024

New Restrictions on Storage of Electronic Healthcare Records in Florida, August 2023

Washington State My Health, My Data Act, May 2023

2022 HIPAA Enforcement Update – OCR Continues Focus on Rights of Access, February 2023

HHS Publishes Proposed Rule on Confidentiality of Substance Use Disorder Records, January 2023

Office of Civil Rights Guidance on Recognized Security Practices Under the 2021 HITECH Act Amendment, December 2022



 

Litigation

Cybersecurity Safe Harbors – One Step Forward and Two Steps Back, August 2024

Spoliation: When the Duty to Preserve Data Outweighs the Obligation to Delete, August 2024

More Safe Harbor Protections for Navigating Cyber and Privacy Litigation, December 2023

Beware Common Website Technology Tools That Can Lead to Wiretap Claims, December 2023

“Trust the Process”? – Privacy and Cybersecurity Issues With Court Service of Process via NFT, September 2022

Facts Matter – TransUnion’s Impact on Privacy, Cybersecurity Litigation, July 2021

A Big Win for Walmart Helps Further Define the Scope of Data Breach Class Actions: Gardiner v. Walmart, Inc., March 2021

Taking Stock of Non-Monetary Settlement Provisions, Winter 2021

Standing on Thin Ice? New Guidance on Standing for Data Breach Claims, March 2021

Ready or Not, Here It Comes: Litigation and Enforcement Issues Under the California Privacy Rights Act, February 2021

What’s in Store for Future CCPA Settlements After the Hanna Andersson Class Action, December 2020

WTF?! – Wire Transfer Fraud Litigation, November 2020

The Murky Waters of the CCPA’s Private Right of Action: Real and Perceived Ambiguities Complicating Litigation, October 2020

Data Breaches, Leaked Documents and the Attorney-Client Privilege: Can the Bell Really Be Unrung?, September 2020



Prior additional articles available on request.
